Assumptions and Notes about InCommon Silver Compliance

Please insert sub-bullets for any assumptions or other observations about your campus's InCommon Silver compliance that you feel would be of interest to other campuses.

  • UCB
  • UCD
  • UCI
  • UCLA
  • UCM
  • UCR
  • UCSD
  • UCSF
  • UCSB
  • UCSC
    • General Questions
      • Is there an assumption that when we assert a givenName/sn for a Subject with a Silver IAQ that the name we provide is the name on record (e.g., "legal name" and not "name I like to be called")?
    • Define: Registration
      • I assume that "IdPO Registration" refers to the process of creating a new identity/person record in whatever system is the source of that record. So for UCSC, the Registration is the entry of a student record into the student system, of an employee record into (one of) the HR system(s) or of a "sundry" record into the IdMS itself.
    • General IVP Questions
      • In many cases we generate and distribute credentials "in advance", without much identity vetting, and then later do an identity vetting of the individual. E.g., we create an account for a Subject with an informal employment offer (who is not in PPS), provide the (presumed) Subject with the credential, and then later do an in-person or remote verification of the Subject (I-9 verification, entry into PPS).
        In these cases it's difficult to assert that the person we originally distributed the credential to is the same physical Subject as goes through the IVP, since there was no real IVP (at least not beyond Bronze level) of the initial, non-validated credential distribution. What's an appropriate level of "retroactive verification" of the account delivery in these cases?
    • Registration and Identity Proofing (4.2.2.3)
      • This language is in the section on "Registration" but it seems to be describing how to do Identity Proofing for Credential Issuance (the language in Credential Issuance says "Identity Vetting must meet same strength as in 4.2.2.3"). It's unclear to me what is required for verifying an "Address of Record" when the Registration Record is being created.
    • RA Authentication (4.2.2.4)
      • Assuming this refers to the credentials used to log into the systems where Subject records are created. E.g., PPS.
  • LBNL
  • UCOP